A computing device for providing risk-based decisioning to a merchant during payment card transactions is provided herein. The computing device is programmed to receive, from the merchant, transaction data associated with a payment card transaction. The computing device is further programmed to compute a risk score for the payment card transaction based at least in part on the transaction data and infrastructure data associated with the payment card transaction. The computing device is also programmed transmit an indication of acceptable risk to the merchant if the risk score satisfies a first pre-defined threshold. The computing device is still further programmed to initiate an authentication challenge of the suspect consumer if the risk score satisfies a second pre-defined threshold.
Legal claims defining the scope of protection, as filed with the USPTO.
1. A transaction processing service (TPS) computing device for providing risk-based decisioning to a merchant for online payment card transactions initiated using a merchant website hosted by a merchant computing device associated with the merchant, said TPS computing device comprising a processor communicatively coupled to a memory, said TPS computing device in communication with the merchant computing device, a risk-based decisioning (RBD) computing device, and an access control server (ACS) computing device, said TPS computing device programmed to: receive, from the merchant computing device, an authentication request including transaction data and infrastructure data, the transaction data associated with an online payment card transaction initiated by a suspect consumer accessing the merchant website with a user computing device, wherein the transaction data includes payment card data provided by the suspect consumer from a digital wallet of a privileged cardholder, the infrastructure data including digital wallet data indicating characteristics of the accessing of the merchant website with the user computing device and whether a payment card stored in the digital wallet and used to initiate the online payment card transaction included cardholder authentication data for one or more historical payment card transactions, or had been used with the user computing device in one or more historical payment card transactions, the authentication request generated by the merchant computing device during an authentication process occurring after the online payment card transaction is initiated by the suspect consumer and prior to authorization of the online payment card transaction, the authentication request generated by the merchant computing device in response to initiation of the online payment card transaction and generated by the merchant computing device to authenticate the suspect consumer as the privileged cardholder to the merchant for the purpose of the online payment card transaction, the authorization of the online payment card transaction being part of an authorization process, the authorization process being different from the authentication process, the authorization process used to confirm whether an account associated with the payment card has sufficient funds or credit to cover a transaction amount of the online payment card transaction; provide, to the merchant, a plurality of checkout options including a first checkout option and a second checkout option, wherein the first checkout option includes: transmitting the transaction data and the infrastructure data to the RBD computing device, the RBD computing device configured to compute an authentication risk score for the online payment card transaction based at least in part on the transaction data and the infrastructure data, the authentication risk score indicating a likelihood that the suspect consumer is the privileged cardholder of the payment card used from the digital wallet, wherein if the payment card stored in the digital wallet and used to initiate the online payment card transaction included cardholder authentication data or had been used with the user computing device in the one or more historical payment card transactions, the authentication risk score indicates a greater likelihood that the suspect consumer is the privileged cardholder; receiving, from the RBD computing device, the authentication risk score for the online payment card transaction; determining whether the authentication risk score received from the RBD computing device indicates a lower risk level or a higher risk level for the online payment card transaction by comparing the authentication risk score to a threshold level stored within the memory; when the authentication risk score indicates the lower risk level, transmitting an authentication response message to the merchant computing device, the authentication response message including a data element comprising an indication of acceptable risk for use by the merchant computing device in determining whether to proceed with authorization of the online payment card transaction; and when the authentication risk score indicates the higher risk level, initiating an authentication challenge of the suspect consumer, including transmitting a challenge request message to the ACS computing device, wherein receipt of the challenge request message causes the ACS computing device to transmit a step-up challenge to the user computing device for authentication of the suspect consumer, and wherein the second checkout option includes authenticating the online payment card transaction using the ACS computing device; receive, from the merchant computing device, one or more risk scoring configuration parameters defining a first risk score tier associated with the first checkout option and a second risk score tier associated with the second checkout option; determine whether the authentication risk score is within the first risk score tier or the second risk score tier; and process the online payment card transaction according to one of the first checkout option and the second checkout option based on the determination.
2. The TPS computing device of claim 1 further programmed to: receive, from the merchant computing device, one or more additional risk scoring configuration parameters; and transmit the one or more additional risk scoring configuration parameters to the RBD computing device, wherein the RBD computing device is further configured to compute the authentication risk score based at least in part on the one or more additional risk scoring configuration parameters.
3. The TPS computing device of claim 2 , wherein the one or more additional risk scoring configuration parameters include a first additional risk scoring configuration parameter defining the lower risk level, and a second additional risk scoring configuration parameter defining the higher risk level.
4. The TPS computing device of claim 1 , wherein the first checkout option further includes storing an indication of merchant liability for the online payment card transaction, and wherein the second checkout option further includes storing an indication of issuer liability for the online payment card transaction.
5. The TPS computing device of claim 1 further programmed to: receive, from an issuer of the payment card from the digital wallet, one or more additional risk scoring configuration parameters when the merchant selects the second checkout option; and transmit the one or more additional risk scoring configuration parameters to the RBD computing device, wherein the RBD computing device is further configured to compute the authentication risk score based at least in part on the one or more additional risk scoring configuration parameters.
6. A computer-based method for providing risk-based decisioning to a merchant for online payment card transactions initiated using a merchant website hosted by a merchant computing device associated with the merchant, the method implemented using a transaction processing service (TPS) computer device including a processor and a memory, the TPS computing device in communication with the merchant computing device, a risk-based decisioning (RBD) computing device, and an access control server (ACS) computing device, said method comprising: receiving, from the merchant computing device, an authentication request including transaction data and infrastructure data, the transaction data associated with an online payment card transaction initiated by a suspect consumer accessing the merchant website with a user computing device, wherein the transaction data includes payment card data provided by the suspect consumer from a digital wallet of a privileged cardholder, the infrastructure data including digital wallet data indicating characteristics of the accessing of the merchant website with the user computing device and whether a payment card stored in the digital wallet and used to initiate the online payment card transaction included cardholder authentication data for one or more historical payment card transactions, or had been used with the user computing device in one or more historical payment card transactions, the authentication request generated by the merchant computing device during an authentication process occurring after the online payment card transaction is initiated by the suspect consumer and prior to authorization of the online payment card transaction, the authentication request generated by the merchant computing device in response to initiation of the online payment card transaction and generated by the merchant computing device to authenticate the suspect consumer as the privileged cardholder to the merchant for the purpose of the online payment card transaction, the authorization of the online payment card transaction being part of an authorization process, the authorization process being different from the authentication process, the authorization process used to confirm whether an account associated with the payment card has sufficient funds or credit to cover a transaction amount of the online payment card transaction; providing, to the merchant, a plurality of checkout options including a first checkout option and a second checkout option, wherein the first checkout option includes: transmitting the transaction data and the infrastructure data to the RBD computing device, the RBD computing device configured to compute an authentication risk score for the online payment card transaction based at least in part on the transaction data and the infrastructure data, the authentication risk score indicating a likelihood that the suspect consumer is the privileged cardholder of the payment card used from the digital wallet, wherein if the payment card stored in the digital wallet and used to initiate the online payment card transaction included cardholder authentication data or had been used with the user computing device in the one or more historical payment card transactions, the authentication risk score indicates a greater likelihood that the suspect consumer is the privileged cardholder; receiving, from the RBD computing device, the authentication risk score for the online payment card transaction; determining whether the authentication risk score received from the RBD computing device indicates a lower risk level or a higher risk level for the online payment card transaction by comparing the authentication risk score to a threshold level stored within the memory; when the authentication risk score indicates the lower risk level, transmitting an authentication response message to the merchant computing device, the authentication response message including a data element comprising an indication of acceptable risk for use by the merchant computing device in determining whether to proceed with authorization of the online payment card transaction; and when the authentication risk score indicates the higher risk level, initiating an authentication challenge of the suspect consumer, including transmitting a challenge request message to the ACS computing device, wherein receipt of the challenge request message causes the ACS computing device to transmit a step-up challenge to the user computing device for authentication of the suspect consumer, and wherein the second checkout option includes authenticating the online payment card transaction using the ACS computing device; receiving, from the merchant computing device, one or more risk scoring configuration parameters defining a first risk score tier associated with the first checkout option and a second risk score tier associated with the second checkout option; determining whether the authentication risk score is within the first risk score tier or the second risk score tier; and processing the online payment card transaction according to one of the first checkout option and the second checkout option based on the determination.
7. The method of claim 6 further comprising: receiving, from the merchant computing device, one or more additional risk scoring configuration parameters; and transmitting the one or more additional risk scoring configuration parameters to the RBD computing device, wherein the RBD computing device is further configured to compute the authentication risk score based at least in part on the one or more additional risk scoring configuration parameters.
8. The method of claim 7 , wherein the one or more additional risk scoring configuration parameters include a first additional risk scoring configuration parameter defining the lower risk level and a second additional risk scoring configuration parameter defining the higher risk level.
9. The method of claim 6 , wherein the first checkout option further includes storing an indication of merchant liability for the online payment card transaction, and wherein the second checkout option further includes storing an indication of issuer liability for the online payment card transaction.
10. The method of claim 6 further comprising: receiving, from an issuer of the payment card from the digital wallet, one or more additional risk scoring configuration parameters when the merchant selects the second checkout option; and transmitting the one or more additional risk scoring configuration parameters to the RBD computing device, wherein the RBD computing device is further configured to compute the authentication risk score based at least in part on the one or more additional risk scoring configuration parameters.
11. At least one non-transitory computer-readable storage media having computer-executable instructions embodied thereon for providing risk-based decisioning to a merchant for online payment card transactions initiated using a merchant website hosted by a merchant computing device associated with the merchant, wherein when executed by at least one processor of a transaction processing service (TPS) computing device, the TPS computing device in communication with the merchant computing device, a risk-based decisioning (RBD) computing device, and an access control server (ACS) computing device, the computer-executable instructions cause the at least one processor to: receive, from the merchant computing device, an authentication request including transaction data and infrastructure data, the transaction data associated with an online payment card transaction initiated by a suspect consumer accessing the merchant website with a user computing device, wherein the transaction data includes payment card data provided by the suspect consumer from a digital wallet of a privileged cardholder, the infrastructure data including digital wallet data indicating characteristics of the accessing of the merchant website with the user computing device and whether a payment card stored in the digital wallet and used to initiate the online payment card transaction included cardholder authentication data for one or more historical payment card transactions, or had been used with the user computing device in one or more historical payment card transactions, the authentication request generated by the merchant computing device during an authentication process occurring after the online payment card transaction is initiated by the suspect consumer and prior to authorization of the online payment card transaction, the authentication request generated by the merchant computing device in response to initiation of the online payment card transaction and generated by the merchant computing device to authenticate the suspect consumer as the privileged cardholder to the merchant for the purpose of the online payment card transaction, the authorization of the online payment card transaction being part of an authorization process, the authorization process being different from the authentication process, the authorization process used to confirm whether an account associated with the payment card has sufficient funds or credit to cover a transaction amount of the online payment card transaction; provide, to the merchant, a plurality of checkout options including a first checkout option and a second checkout option, wherein the first checkout option includes: transmitting the transaction data and the infrastructure data to the RBD computing device, the RBD computing device configured to compute an authentication risk score for the online payment card transaction based at least in part on the transaction data and the infrastructure data, the authentication risk score indicating a likelihood that the suspect consumer is the privileged cardholder of the payment card used from the digital wallet, wherein if the payment card stored in the digital wallet and used to initiate the online payment card transaction included cardholder authentication data or had been used with the user computing device in the one or more historical payment card transactions, the authentication risk score indicates a greater likelihood that the suspect consumer is the privileged cardholder; receiving, from the RBD computing device, the authentication risk score for the online payment card transaction; determining whether the authentication risk score received from the RBD computing device indicates a lower risk level or a higher risk level for the online payment card transaction by comparing the authentication risk score to a threshold level stored within a memory communicatively coupled to the at least one processor; when the authentication risk score indicates the lower risk level, transmitting an authentication response message to the merchant computing device, the authentication response message including a data element comprising an indication of acceptable risk for use by the merchant computing device in determining whether to proceed with authorization of the online payment card transaction; and when the authentication risk score indicates the higher risk level, initiating an authentication challenge of the suspect consumer, including transmitting a challenge request message to the ACS computing device, wherein receipt of the challenge request message causes the ACS computing device to transmit a step-up challenge to the user computing device for authentication of the suspect consumer, and wherein the second checkout option includes authenticating the online payment card transaction using the ACS computing device; receive, from the merchant computing device, one or more risk scoring configuration parameters defining a first risk score tier associated with the first checkout option and a second risk score tier associated with the second checkout option; determine whether the authentication risk score is within the first risk score tier or the second risk score tier; and process the online payment card transaction according to one of the first checkout option and the second checkout option based on the determination.
12. The computer-readable storage media of claim 11 , wherein the computer-executable instructions further cause the at least one processor to: receive, from the merchant computing device, one or more additional risk scoring configuration parameters; and transmit the one or more additional risk scoring configuration parameters to the RBD computing device, wherein the RBD computing device is further configured to compute the authentication risk score based at least in part on the one or more additional risk scoring configuration parameters.
13. The computer-readable storage media of claim 12 , wherein the one or more additional risk scoring configuration parameters include a first additional risk scoring configuration parameter defining the lower risk level and a second additional risk scoring configuration parameter defining the higher risk level.
14. The computer-readable storage media of claim 11 , wherein the first checkout option further includes storing an indication of merchant liability for the online payment card transaction, and wherein the second checkout option further includes storing an indication of issuer liability for the online payment card transaction.
15. The computer-readable storage media of claim 11 , wherein the computer-executable instructions further cause the at least one processor to: receive, from an issuer of the payment card from the digital wallet, one or more additional risk scoring configuration parameters when the merchant selects the second checkout option; and transmit the one or more additional risk scoring configuration parameters to the RBD computing device, wherein the RBD computing device is further configured to compute the authentication risk score based at least in part on the one or more additional risk scoring configuration parameters.
16. The TPS computing device of claim 1 , wherein the ACS computing device is associated with an issuer of the payment card from the digital wallet, and wherein said TPS computing device is associated with a payment transaction processing system that processes the online payment card transactions.
17. The method of claim 6 , wherein the ACS computing device is associated with an issuer of the payment card from the digital wallet, and wherein the TPS computing device is associated with a payment transaction processing system that processes the online payment card transactions.
18. The computer-readable storage media of claim 11 , wherein the ACS computing device is associated with an issuer of the payment card from the digital wallet, and wherein said TPS computing device is associated with a payment transaction processing system that processes the online payment card transactions.
19. The TPS computing device of claim 1 further programmed to receive, from the merchant computing device, one or more additional risk scoring configuration parameters including a transaction type parameter indicating whether to process each of a plurality of transaction types using the first checkout option or the second checkout option.
20. The TPS computing device of claim 1 , wherein when the authentication risk score indicates the higher risk level, the TPS computing device is further configured to: receive, from the ACS computing device, an authentication challenge response including an indication of successful authentication of the suspect consumer and at least a portion of authentication data provided to the ACS computing device by the suspect consumer in response to the step-up challenge; and transmit, to the merchant computing device, an authentication response message including the indication of successful authentication of the suspect consumer and the portion of the authentication data provided to the ACS computing device by the suspect consumer, for use by the merchant computing device in determining whether to proceed with authorization of the online payment card transaction.
Cooperative Patent Classification codes for this invention. Click any code to explore related patents in that topic.
May 22, 2015
April 7, 2020
Browse 5M+ US patents with plain-English claim translations and AI-generated analysis.